Are there limitations when using cron?

[XIII]

Since 1Password now offers a nice CLI that works on our router, I'm trying to make my scripts more secure, by no longer hardcoding credentials.

However I notice something weird when testing this:

Experiment 1

/jffs/scripts/test1:

#!/bin/sh
logger test1
/opt/bin/op run --env-file=/jffs/op/test.env -- /jffs/scripts/test2

/jffs/op/test.env:

SOME_CREDENTIAL=blabla

/jffs/scripts/test2:

#!/bin/sh
logger test2
logger credential: $SOME_CREDENTIAL

➜ cru l
*/2 * * * * /jffs/scripts/test1 #Test#

* When I manually run /jffs/scripts/test1 I see both the test1 and test2 lines in /tmp/syslog.log
* When I wait for /jffs/scripts/test1 to be executed by cron I only see test1 in the logging (not test2)

Experiment 2

Modified /jffs/scripts/test1 (not injecting credentials):

#!/bin/sh
logger test1
/jffs/scripts/test2

* When I manually run /jffs/scripts/test1 I see both the test1 and test2 lines in /tmp/syslog.log
* When I wait for /jffs/scripts/test1 to be executed by cron I see both the test1 and test2 lines in /tmp/syslog.log

Question

What might be limiting the 1Password CLI op tool when being executed using cron? (How can I make this work?)

 

[eibgrad]

Can't really be sure, but one thing you have to be careful about is the context under which a process is running. When something is run from the scheduler, it does NOT necessarily have the same environment as YOU when you're logged into the shell.

So let's say there's some dependency the process has on a local environment variable that's only available when you're logged in. That same environment variable might NOT be available to the system when running off the scheduler.

I know nothing about that (what I assume is a) binary (/opt/bin/op). So I'm just speculating.

 

[XIII]

So let's say there's some dependency the process has on a local environment variable that's only available when you're logged in.

I thought about context differences, but not specifically about environment variables…

You probably nailed it; I think I need to (again) set OP_CONNECT_HOST and OP_CONNECT_TOKEN:

Load Secrets Into Config Files | 1Password Developer

Learn how to use 1Password CLI to load secrets into config files without putting any plaintext secrets in code.

developer.1password.com

Unfortunately, I can’t test this hypothesis right now: once again I cannot SSH into my router running 386.7(_1). A reboot usually solves this, but I can’t reboot it right now.

Will report back later. Thanks!

 

[DJones]

I thought about context differences, but not specifically about environment variables…

You probably nailed it; I think I need to (again) set OP_CONNECT_HOST and OP_CONNECT_TOKEN:

Load Secrets Into Config Files | 1Password Developer

Learn how to use 1Password CLI to load secrets into config files without putting any plaintext secrets in code.

developer.1password.com

Unfortunately, I can’t test this hypothesis right now: once again I cannot SSH into my router running 386.7(_1). A reboot usually solves this, but I can’t reboot it right now.

Will report back later. Thanks!

If ssh stops working because you attempted the wrong password too many times if you mask your MAC address with a random address and renew lease you can usually get another chance to login as it temp bans that devices original Mac. Or use another device to ssh. Windows,Mac/iOS, Linux you should be able to spoof a MAC address in settings.

 

[XIII]

The USB flash drive in my router died today; that's why SSH no longer worked...

And @eibgrad was completely right: after setting environment variables the scripts do work using cron. Thank you once again!